From nobody Sun Jun 28 04:43:51 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3CD84C433EF for ; Mon, 14 Feb 2022 18:47:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232724AbiBNSrb (ORCPT ); Mon, 14 Feb 2022 13:47:31 -0500 Received: from gmail-smtp-in.l.google.com ([23.128.96.19]:48798 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229609AbiBNSr1 (ORCPT ); Mon, 14 Feb 2022 13:47:27 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5BF84716C7 for ; Mon, 14 Feb 2022 10:47:11 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D67A460C52 for ; Mon, 14 Feb 2022 18:45:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D44A7C340EB; Mon, 14 Feb 2022 18:45:46 +0000 (UTC) Date: Mon, 14 Feb 2022 13:45:45 -0500 From: Steven Rostedt To: LKML Cc: Tom Zanussi , kernel test robot Subject: [PATCH] tracing: Fix allocation of last_cmd in last_cmd_set() Message-ID: <20220214134545.4597835e@gandalf.local.home> X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: "Steven Rostedt (Google)" The strncat() used in last_cmd_set() includes the nul byte of length of the string being copied in, when it should only hold the size of the string being copied (not the nul byte). Change it to subtract the length of the allocated space and the nul byte to pass that into the strncat(). Also, assign "len" instead of initializing it to zero and its first update is to do a "+=3D". Link: https://lore.kernel.org/all/202202140628.fj6e4w4v-lkp@intel.com/ Reported-by: kernel test robot Signed-off-by: Steven Rostedt (Google) --- kernel/trace/trace_events_hist.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_h= ist.c index 5e8970624bce..78788049f3d3 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -744,19 +744,20 @@ static void last_cmd_set(struct trace_event_file *fil= e, char *str) { const char *system =3D NULL, *name =3D NULL; struct trace_event_call *call; - int len =3D 0; + int len; =20 if (!str) return; =20 - len +=3D sizeof(HIST_PREFIX) + strlen(str) + 1; + len =3D sizeof(HIST_PREFIX) + strlen(str) + 1; kfree(last_cmd); last_cmd =3D kzalloc(len, GFP_KERNEL); if (!last_cmd) return; =20 strcpy(last_cmd, HIST_PREFIX); - strncat(last_cmd, str, len - sizeof(HIST_PREFIX)); + len -=3D sizeof(HIST_PREFIX) + 1; + strncat(last_cmd, str, len); =20 if (file) { call =3D file->event_call; --=20 2.34.1